Strategy: Lessons Learned From Duqu

Randy George, 06/30/12

After Stuxnet hit, security researchers wondered what would come next. It didn't take long before Duqu and then Flame hit, and researchers are once again looking out for the next piece of sophisticated malware with the power to hobble, if not take down, large companies and potentially government infrastructure.

While the average organization may not be the target of Duqu malware, Duqu variants present a real and imminent danger. The stealthy Duqu has been dubbed the "steal everything" virus for its ability to steal just about anything on a computer system. It's important for enterprise IT security professionals to be aware of cyber threats such as Stuxnet and Duqu, including what entities are developing and waging attacks with them, as well as how the malware has been constructed and what its payload is.

In this report we unpack Duqu to determine how it was developed, examine how it got onto systems and what its payload is, and provide recommendations for deflection and detection.